开发者

PSS signature verification fails since Android 2.3

开发者 https://www.devze.com 2023-03-23 23:17 出处:网络
In my app, I am verifying the digital signature of a file signed with the Probabilistic Signature Scheme (PSS) using SHA1 and RSA. The signatures are created in J2SE with the help of BouncyCastle.

In my app, I am verifying the digital signature of a file signed with the Probabilistic Signature Scheme (PSS) using SHA1 and RSA. The signatures are created in J2SE with the help of BouncyCastle.

In the Android app this verification worked fine so far (e.g., 2.1, 2.2). When testing the app on Android 2.3 devices/simulator I receive a NoSuchAlgorithmException.

NoSuchAlgorithmExc开发者_C百科eption: Signature SHA1withRSA/PSS implementation not found 

The relevant code I use for verifying the signature is the following:

Signature signature = Signature.getInstance("SHA1withRSA/PSS", "BC");
signature.setParameter(new PSSParameterSpec(64));
signature.initVerify(thePublicKey);
signature.update(theMessage.getBytes());
boolean signatureIsValid = signature.verify(theSignature);

What happened since Android 2.2, why was the algorithm "SHA1withRSA/PSS" removed from the "BC" provider?

Does anybody have a alternative (which at best works with all Android versions)?

Thank you!


The only way I managed to get PSS Signatures working was by switching my signature provider to Spongy Castle.

Quick how-to:

  1. Download the SpongyCastle JAR file and put it in your libs/ project folder. I used the JAR from APG: http://code.google.com/p/android-privacy-guard/source/browse/lib/bcprov-jdk16-146.jar?name=apg_service
  2. If using Eclipse, add the file to your project by going to its properties -> Java Build Path -> Libraries -> Add JARs... -> select the file
  3. Add the following line somewhere in your signing class

    static { Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider()); }

  4. Replace your BC with SC in getInstance()

    Signature signature = Signature.getInstance("SHA1withRSA/PSS", "SC");

The downside: Your binary will include a bonus 1.5mb.


I'm facing the same problem. Is do-it-yourself-way by porting Bouncy Castle to Android the only way?

0

精彩评论

暂无评论...
验证码 换一张
取 消